ユーザーの種類と権限

トピック

WordPress では、サイトの所有者が各ユーザーに対してサイト内で利用できる機能を管理するための「権限グループ」という概念を使用します。サイトの所有者は権限グループに各ユーザーを含めることでタスクへのアクセス権を管理できます。タスクには投稿の作成と編集固定ページの作成カテゴリーの作成コメントのモデレートプラグインの管理テーマの管理他のユーザーの管理 などがあります。

WordPress にはあらかじめ定義された6個の権限グループがあります。特権管理者管理者編集者投稿者寄稿者購読者です。各権限グループのユーザーには、「権限」と呼ばれる一連のタスクの実行が許可されています。権限には “publish_posts”、“moderate_comments”、“edit_users” を含む多くの種類があります。権限グループにはあらかじめデフォルトの権限が設定されていますが、add_cap() 関数や remove_cap() 関数を使用して他の権限を付与または削除することもできます。add_role() 関数や remove_role() 関数を使用すると、新しい権限グループを導入または削除できます。

特権管理者」権限グループに所属するユーザーはすべての権限を実行できます。他の各権限グループは、それぞれ制限された実行可能権限を持ちます。たとえば、「購読者」権限グループは “read” 権限のみを持っています。ある権限グループが、他の権限グループの上位に位置すると考えるべきではありません。むしろ、権限グループはサイトにおけるユーザーの責任を定義するものと考えてください。

権限グループの概要 権限グループの概要

  • 特権管理者 – サイトネットワーク管理機能や他のすべての機能へアクセスできるユーザー。「ネットワークの作成」を参照してください。
  • 管理者 (スラッグ: ‘administrator’) – シングルサイト内のすべての管理機能にアクセスできるユーザー。
  • 編集者 (スラッグ: ‘editor’) – 他のユーザーの投稿を含むすべての投稿を公開、管理できるユーザー。
  • 投稿者 (スラッグ: ‘author’) – 自身の投稿を公開、管理できるユーザー。
  • 寄稿者 (スラッグ: ‘contributor’) – 自身の投稿を編集・管理できるが、公開はできないユーザー。
  • 購読者 (スラッグ: ‘subscriber’) – プロフィール管理のみを実行できるユーザー。

WordPress をインストールすると、すべての権限を持つ「管理者」アカウントが自動的に作成されます。

新規ユーザーのデフォルトの権限グループを設定するには、管理画面 > 設定 > 一般設定を実行します。

トップ ↑

Roles Roles

A Role defines a set of tasks a user assigned the role is allowed to perform. For instance, the Super Admin role encompasses every possible task that can be performed within a Network of virtual WordPress sites. The Administrator role limits the allowed tasks only to those which affect a single site. On the other hand, the Author role allows the execution of just a small subset of tasks.

The following sections list the default Roles and their capabilities:

Super Admin Super Admin

Multisite Super Admins have, by default, all capabilities. The following Multisite-only capabilities are therefore only available to Super Admins:

In the case of single site WordPress installation, Administrators are, in effect, Super Admins. As such, they are the only ones to have access to additional admin capabilities.

トップ ↑

Administrator Administrator

The capabilities of Administrators differs between single site and Multisite WordPress installations. All administrators have the following capabilities:

Additional Admin Capabilities Additional Admin Capabilities

Only Administrators of single site installations have the following capabilities. In Multisite, only the Super Admin has these abilities:

トップ ↑

Editor Editor

トップ ↑

Author Author

トップ ↑

Contributor Contributor

トップ ↑

Subscriber Subscriber

トップ ↑

Special Cases Special Cases

The following capabilities are special cases:

  • unfiltered_upload – This capability is not available to any role by default (including Super Admins). The capability needs to be enabled by defining the following constant:
define( 'ALLOW_UNFILTERED_UPLOADS', true );

With this constant defined, all roles on a single site install can be given the unfiltered_upload capability, but only Super Admins can be given the capability on a Multisite install.

トップ ↑

権限と権限グループ比較テーブル 権限と権限グループ比較テーブル

Note that the capabilities of Administrators differs between single site and Multisite WordPress installations, as described above .

CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
create_sitesY
delete_sitesY
manage_networkY
manage_sitesY
manage_network_usersY
manage_network_pluginsY
manage_network_themesY
manage_network_optionsY
upload_pluginsY
upload_themesY
upgrade_networkY
setup_networkY
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
activate_pluginsYY (single site or enabled by network setting)
create_usersYY (single site)
delete_pluginsYY (single site)
delete_themesYY (single site)
delete_usersYY (single site)
edit_filesYY (single site)
edit_pluginsYY (single site)
edit_theme_optionsYY
edit_themesYY (single site)
edit_usersYY (single site)
exportYY
importYY
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
install_pluginsYY (single site)
install_themesYY (single site)
list_usersYY
manage_optionsYY
promote_usersYY
remove_usersYY
switch_themesYY
update_coreYY (single site)
update_pluginsYY (single site)
update_themesYY (single site)
edit_dashboardYY
customizeYY
delete_siteYY
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
moderate_commentsYYY
manage_categoriesYYY
manage_linksYYY
edit_others_postsYYY
edit_pagesYYY
edit_others_pagesYYY
edit_published_pagesYYY
publish_pagesYYY
delete_pagesYYY
delete_others_pagesYYY
delete_published_pagesYYY
delete_others_postsYYY
delete_private_postsYYY
edit_private_postsYYY
read_private_postsYYY
delete_private_pagesYYY
edit_private_pagesYYY
read_private_pagesYYY
unfiltered_htmlYY (single site)Y (single site)
unfiltered_htmlYYY
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
edit_published_postsYYYY
upload_filesYYYY
publish_postsYYYY
delete_published_postsYYYY
edit_postsYYYYY
delete_postsYYYYY
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
readYYYYYY

トップ ↑

Capabilities Capabilities

トップ ↑

switch_themes switch_themes

トップ ↑

edit_themes edit_themes

  • Since 2.0
  • Allows access to Appearance > Theme Editor to edit theme files.

トップ ↑

edit_theme_options edit_theme_options

トップ ↑

install_themes install_themes

トップ ↑

activate_plugins activate_plugins

トップ ↑

edit_plugins edit_plugins

トップ ↑

install_plugins install_plugins

トップ ↑

edit_users edit_users

トップ ↑

edit_files edit_files

  • Since 2.0
  • Note: No longer used.

トップ ↑

manage_options manage_options

  • Since 2.0
  • Allows access to Administration Screens options:
    • Settings > General
    • Settings > Writing
    • Settings > Reading
    • Settings > Discussion
    • Settings > Permalinks
    • Settings > Miscellaneous

トップ ↑

moderate_comments moderate_comments

  • Since 2.0
  • Allows users to moderate comments from the Comments Screen (although a user needs the edit_posts Capability in order to access this)

トップ ↑

manage_categories manage_categories

トップ ↑

トップ ↑

upload_files upload_files

トップ ↑

import import

トップ ↑

unfiltered_html unfiltered_html

  • Since 2.0
  • Allows user to post HTML markup or even JavaScript code in pages, posts, comments and widgets.
  • Note: Enabling this option for untrusted users may result in their posting malicious or poorly formatted code.
  • Note: In WordPress Multisite, only Super Admins have the unfiltered_html capability.

トップ ↑

edit_posts edit_posts

  • Since 2.0
  • Allows access to Administration Screens options:
    • Posts
    • Posts > Add New
    • Comments
    • Comments > Awaiting Moderation

トップ ↑

edit_others_posts edit_others_posts

  • Since 2.0
  • Allows access to Administration Screens options:
    • Manage > Comments (Lets user delete and edit every comment, see edit_posts above)
  • user can edit other users’ posts through function get_others_drafts()
  • user can see other users’ images in inline-uploading [no? see inline-uploading.php]
  • See Exceptions

トップ ↑

edit_published_posts edit_published_posts

  • Since 2.0
  • User can edit their published posts. This capability is off by default.
  • The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.
  • If you don’t want a user to be able to edit their published posts, remove this capability.

トップ ↑

publish_posts publish_posts

  • Since 2.0
  • See and use the “publish” button when editing their post (otherwise they can only save drafts)
  • Can use XML-RPC to publish (otherwise they get a “Sorry, you can not post on this weblog or category.”)

トップ ↑

edit_pages edit_pages

トップ ↑

read read

トップ ↑

publish_pages publish_pages

  • Since 2.1

トップ ↑

edit_others_pages edit_others_pages

  • Since 2.1

トップ ↑

edit_published_pages edit_published_pages

  • Since 2.1

トップ ↑

delete_pages delete_pages

  • Since 2.1

トップ ↑

delete_others_pages delete_others_pages

  • Since 2.1

トップ ↑

delete_published_pages delete_published_pages

  • Since 2.1

トップ ↑

delete_posts delete_posts

  • Since 2.1

トップ ↑

delete_others_posts delete_others_posts

  • Since 2.1

トップ ↑

delete_published_posts delete_published_posts

  • Since 2.1

トップ ↑

delete_private_posts delete_private_posts

  • Since 2.1

トップ ↑

edit_private_posts edit_private_posts

  • Since 2.1

トップ ↑

read_private_posts read_private_posts

  • Since 2.1

トップ ↑

delete_private_pages delete_private_pages

  • Since 2.1

トップ ↑

edit_private_pages edit_private_pages

  • Since 2.1

トップ ↑

read_private_pages read_private_pages

  • Since 2.1

トップ ↑

delete_users delete_users

  • Since 2.1

トップ ↑

create_users create_users

  • Since 2.1
  • Allows creating new users.

トップ ↑

unfiltered_upload unfiltered_upload

  • Since 2.3

トップ ↑

edit_dashboard edit_dashboard

  • Since 2.5

トップ ↑

customize customize

  • Since 4.0
  • Allows access to the Customizer. 

トップ ↑

delete_site delete_site

  • Since 4.0
  • Allows the user to delete the current site (Multisite only).

トップ ↑

update_plugins update_plugins

  • Since 2.6

トップ ↑

delete_plugins delete_plugins

  • Since 2.6

トップ ↑

update_themes update_themes

  • Since 2.7

トップ ↑

update_core update_core

  • Since 3.0

トップ ↑

list_users list_users

トップ ↑

remove_users remove_users

  • Since 3.0

トップ ↑

add_users add_users

トップ ↑

promote_users promote_users

  • Since 3.0
  • Enables the “Change role to…” dropdown in the admin user list.
    • This does not depend on ‘edit_users‘ capability.
  • Enables the ‘Add Existing User’ to function for multi-site installs.

トップ ↑

delete_themes delete_themes

  • Since 3.0

トップ ↑

export export

  • Since 3.0

トップ ↑

edit_comment edit_comment

  • Since 3.1

トップ ↑

create_sites create_sites

  • Since 3.1
  • Multi-site only
  • Allows user to create sites on the network

トップ ↑

delete_sites delete_sites

  • Since 3.1
  • Multi-site only
  • Allows user to delete sites on the network

トップ ↑

manage_network manage_network

  • Since 3.0
  • Multi-site only
  • Allows access to Super Admin menu
  • Allows user to upgrade network

トップ ↑

manage_sites manage_sites

  • Since 3.0
  • Multi-site only
  • Allows access to Network Sites menu
  • Allows user to add, edit, delete, archive, unarchive, activate, deactivate, spam and unspam new site/blog in the network

トップ ↑

manage_network_users manage_network_users

トップ ↑

manage_network_themes manage_network_themes

トップ ↑

manage_network_options manage_network_options

トップ ↑

manage_network_plugins manage_network_plugins

トップ ↑

upload_plugins upload_plugins

  • Since 4.0
  • Multi-site only
  • Allows user to upload plugin ZIP files from the Network Plugins -> Add New menu

トップ ↑

upload_themes upload_themes

  • Since 4.0
  • Multi-site only
  • Allows user to upload theme ZIP files from the Network Themes -> Add New menu

トップ ↑

upgrade_network upgrade_network

  • Since 4.8
  • Multi-site only
  • is used to determine whether a user can access the Network Upgrade page in the network admin. Related to this, the capability is also checked to determine whether to show the notice that a network upgrade is required. The capability is not mapped, so it is only granted to network administrators. See #39205 for background discussion.

トップ ↑

setup_network setup_network

  • Since 4.8
  • Multi-site only
  • is used to determine whether a user can setup multisite, i.e. access the Network Setup page. Before setting up a multisite, the capability is mapped to the `manage_options` capability, so that it is granted to administrators. Once multisite is setup, it is mapped to `manage_network_options`, so that it is granted to network administrators. See #39206 for background discussion.

トップ ↑

Resources Resources

トップ ↑

Plugins Plugins

トップ ↑

Information Information